Why isn’t Congress serious about cybersecurity?

(Cyberwar.news) The White House last week formally proposed a $3.1 billion upgrade to government information technology systems as part of a plan aimed at bolstering efficiency and improving cybersecurity following several high-profile hacks in recent years, but Congress doesn’t seem interested in fixing the problems.

The Obama administration had previously included the IT Modernization Fund proposal in a Cybersecurity National Action Plan that was introduced in February.

“The proposed ITMF…will fund the transition to more secure and efficient modern IT systems and infrastructure, while also establishing a self-sustaining mechanism for federal agencies to regularly refresh their IT systems based on up-to-date technologies and best practices,” Federal CIO Tony Scott wrote in a White House blog entry released along with the legislative proposal.

That said, the proposal may just be dead on arrival. Just last month the House Budget Committee rejected an amendment that would have set up an ITMF. Chairman Tom Price, R-Calif., did not provide any rationale for the committee’s decision. Rep. William Hurd, R-Texas, said in February that agencies themselves should be responsible, individually, for modernizing their IT systems rather than a centralized board at the General Services Administration (GSA).

But the administration’s proposal did not address the Budget Committee’s decision. Rather, the blog entry essentially laid out cybersecurity challenges that face the nation and how the ITMF would address those challenges.

As noted by FierceGovernmentIT, the administration’s proposal utilizes five mechanisms to address challenges to legacy IT systems:

Government-wide prioritization: The fund would use an independent board of experts to identify the government’s highest-priority projects and to replace multiple legacy systems with a smaller number of common platforms.

Self-sustaining funding: The fund’s $3.1 billion would serve as seed funding that agencies would pay back, thus addressing at least $12 billion in modernization projects in the first 10 years.

Expert management: Every investment that receives funding would receive guidance from GSA experts in IT acquisition and development.

Plans to transition to common platforms: The GSA board would identify opportunities to replace multiple legacy systems across agencies with a smaller number of common platforms, something that is difficult for agencies to coordinate individually.

Strong incentives: Since agencies would need to apply and compete for investments from the central fund, they would be heavily incentivized to develop comprehensive, high-quality modernization plans. Furthermore, since the funding would be relatively stable, those plans could incorporate long-term thinking and shorter development times.

“Ultimately, retiring or modernizing vulnerable and inefficient legacy IT systems will not only make us more secure, it will also save money,” said Scott. “As a means of addressing these pressing challenges, the ITMF is an important first step in changing the way the Federal Government manages its IT portfolio.”

It isn’t clear what Congress’ plan for modernizing federal government IT systems and improving cybersecurity is, but it appears to at least be focused on doing so for the military. The Defense budget for the coming fiscal year contains a request from the White House for a 15 percent increase in spending for cybersecurity, and that is gaining some steam in both chambers.